Example GRE configuration for Juniper SRX

This topic provides an example GRE configuration that needs to be applied on a Juniper SRX to route HTTP and HTTPS traffic to Forcepoint ONE SSE via GRE tunnels.

# Two logical GRE units on gr-0/0/0: unit 0 is labelled primary, unit 1 backup.
# Both units share one tunnel source and differ in tunnel destination and in
# the /30 address assigned to the tunnel interface.
# NOTE(review): the addresses are presumably sample values; confirm the tunnel
# source, destinations and inner /30s for your own deployment before committing.
# NOTE(review): GRE by itself provides no encryption or peer authentication, so
# port-80 traffic steered into these tunnels is not protected by the tunnel.
set interfaces gr-0/0/0 unit 0 description primary
set interfaces gr-0/0/0 unit 0 tunnel source 13.229.255.0
set interfaces gr-0/0/0 unit 0 tunnel destination 157.167.231.203
set interfaces gr-0/0/0 unit 0 family inet address 192.160.1.1/30
set interfaces gr-0/0/0 unit 1 description backup
set interfaces gr-0/0/0 unit 1 tunnel source 13.229.255.0
set interfaces gr-0/0/0 unit 1 tunnel destination 67.202.10.242
set interfaces gr-0/0/0 unit 1 family inet address 192.160.2.1/30

# Forwarding-type routing instance used only for traffic steered by the filter.
# Its default route points at gr-0/0/0.0, the unit described as primary.
set routing-instances route_to_gre instance-type forwarding
set routing-instances route_to_gre routing-options static route 0.0.0.0/0 next-hop gr-0/0/0.0

# rib-group route_to_gre_1 shares interface routes between inet.0 and
# route_to_gre.inet.0 so next hops can be resolved from the forwarding instance.
# The main-table default route (next-hop 192.168.0.1) is separate from the
# instance default route, so traffic not steered by the filter does not follow
# the tunnel route.
# NOTE(review): 192.168.0.1 is presumably the existing upstream gateway; verify.
set routing-options interface-routes rib-group inet route_to_gre_1
set routing-options static route 0.0.0.0/0 next-hop 192.168.0.1
set routing-options rib-groups route_to_gre_1 import-rib inet.0
set routing-options rib-groups route_to_gre_1 import-rib route_to_gre.inet.0

# Filter-based forwarding: term 0 matches packets from 10.1.1.0/24 with
# destination port 80 or 443 and hands them to routing instance route_to_gre.
# NOTE(review): no further term is shown. Junos firewall filters end with an
# implicit discard, so unless a catch-all accept term exists outside this
# excerpt, all other traffic arriving on the filtered interface is dropped.
# NOTE(review): the term has no protocol match; consider matching TCP
# explicitly so the port match cannot apply to other protocols — confirm
# against the intended traffic.
set firewall family inet filter TO_GRE term 0 from source-address 10.1.1.0/24
set firewall family inet filter TO_GRE term 0 then routing-instance route_to_gre
set firewall family inet filter TO_GRE term 0 from destination-port 80
set firewall family inet filter TO_GRE term 0 from destination-port 443

# Apply TO_GRE as an input filter on ge-0/0/1.0, the interface carrying the
# 10.1.1.0/24 subnet that the filter matches as source.
# NOTE(review): 10.1.1.0/24 is the subnet's network address rather than a host
# address; presumably a host address in that subnet is intended — verify.
set interfaces ge-0/0/1 unit 0 family inet filter input TO_GRE
set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.0/24

# Security zone zone1 contains ge-0/0/0 and both GRE units.
# NOTE(review): "system-services all" and "protocols all" allow every
# management service and routing protocol destined to the SRX itself from any
# interface in this zone, including the tunnel interfaces. Restrict
# host-inbound-traffic to what is actually required (the RPM probe below uses
# ICMP ping) before using this in production.
# NOTE(review): ge-0/0/1, where the TO_GRE filter is applied, is not placed in
# a zone here, and no security policies are shown; presumably configured
# elsewhere — confirm.
set security zones security-zone zone1 host-inbound-traffic system-services all
set security zones security-zone zone1 host-inbound-traffic protocols all
set security zones security-zone zone1 interfaces ge-0/0/0
set security zones security-zone zone1 interfaces gr-0/0/0.0
set security zones security-zone zone1 interfaces gr-0/0/0.1

# RPM health check for the primary tunnel: ICMP pings to 116.50.59.230, sent
# via next-hop 192.160.1.2 so the probe is forced through the primary tunnel's
# /30 (presumably its far-end address — verify).
# Each test sends 5 probes; the test fails once 3 probes are lost in a row
# (successive-loss) or 3 are lost in total (total-loss).
set services rpm probe ping_primary_DC_monitoring_IP test primary_tunnel probe-type icmp-ping
set services rpm probe ping_primary_DC_monitoring_IP test primary_tunnel target address 116.50.59.230
set services rpm probe ping_primary_DC_monitoring_IP test primary_tunnel probe-count 5
set services rpm probe ping_primary_DC_monitoring_IP test primary_tunnel probe-interval 2
set services rpm probe ping_primary_DC_monitoring_IP test primary_tunnel test-interval 2
set services rpm probe ping_primary_DC_monitoring_IP test primary_tunnel thresholds successive-loss 3
set services rpm probe ping_primary_DC_monitoring_IP test primary_tunnel thresholds total-loss 3
set services rpm probe ping_primary_DC_monitoring_IP test primary_tunnel next-hop 192.160.1.2
# Failover: when the probe above fails, ip-monitoring installs a preferred
# default route in route_to_gre via 192.160.2.2, an address in the backup
# tunnel's /30, so steered traffic moves to the backup tunnel.
# NOTE(review): no probe for the backup tunnel is shown, so its health is not
# checked by this configuration before traffic is moved to it.
set services ip-monitoring policy failover match rpm-probe ping_primary_DC_monitoring_IP
set services ip-monitoring policy failover then preferred-route routing-instances route_to_gre route 0.0.0.0/0 next-hop 192.160.2.2